woew9 (woew9) asked a question.
O365 - universal sync & aad connect
HI,
We were left with AAD Connect and Universal Sync enabled together. Which O365 Provisioning Type should we have used for a hybrid environment where AAD Connect is still required?
- marius.voinescu1.5083867485705222E12 (Okta, Inc.)
Hi Paul,
This is Marius from Okta Support team.
When we are talking about hybrid integrations, Universal Sync and User Sync can not be used. If the options are available but not selected, that does not cause any issues. In most scenarios, Hybrid integrations with AAD, Okta will be used only with Licenses/Roles Management Only.
As seen in the screenshot attached for reference, Universal Sync and User Sync do not work with DirSync, AADSync or AADConnect.
Thank you.
Expand Post - woew9 (woew9)
Thanks for the reply. It looks like we are going to have to change our provisioning type. Is there a process to go from Universal Sync to a hybrid setup? Or, do we have top create the application again?
- 00u1384gr2attgM3H2p7j1.52527725239956E12 (Customer)
Hi Paul,
Our organization recently went through a similar situation. We had to retire the O365 Universal Sync app and create a new O365 application (selecting the Licenses/Roles Management only option).
- woew9 (woew9)
Hi Josh - Thanks for the reply. If I may, did you all consider making the change to Universal Sync only? I'm weighing the pros and cons and not sure which way to go at this point. It seems like we are so close to doing away with AAD Connect, but are not completely aware of the impact it will have. We have already moved most of our distribution lists to group lists in the cloud.
- 00u1384gr2attgM3H2p7j1.52527725239956E12 (Customer)
I may be misunderstanding your question but for our environment it was a messy situation. Ultimately, we decided to keep the DirSync tool as user object management in AD was easier for all support and administrative teams.
- AnuragG.07169 (Customer)
Hi OKTA, I have query wherein my environment has AAD Connect which is being used as SYNC on-premise objects to O365. Now, I am looking for OKTA integration for assigning licenses and role provisioning option highlighted above.
> When selecting this option, I can assign licenses through OKTA but if users already assigned licenses in O365, whether OKTA will overrides and remove O365 license and will assign licenses again. If yes, do I need to export licenses what is present in O365 and create groups with respective licenses assigned to users in okta so that licenses are re-instated when Provisioning option is enabled.
> When user is disabled, O365 license will not be removed automatically since we selected License/Roles Management only option. Please confirm.
> Can we have detailed document explaining about this provisioning features details as OKTA portal does not have anything in detail about it,
Expand Post
This question is closed.
Hi Paul,
This is Marius from Okta Support team.
When we are talking about hybrid integrations, Universal Sync and User Sync can not be used. If the options are available but not selected, that does not cause any issues. In most scenarios, Hybrid integrations with AAD, Okta will be used only with Licenses/Roles Management Only.
As seen in the screenshot attached for reference, Universal Sync and User Sync do not work with DirSync, AADSync or AADConnect.
Thank you.